dast
Passed Started
by
@dbodicherla
Dhiraj Bodicherla
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 12.5.0-rc1 (b295d93b)2 on docker-auto-scale fa6cab46 3 Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/dast:12-6-stable ...
02:40
4Pulling docker image registry.gitlab.com/gitlab-org/security-products/dast:12-6-stable ...5Using docker image sha256:c4c7ab0d463ee2a45bd4e341d198dcf7e14ed1f45497e0a1dd5ab55409b421cf for registry.gitlab.com/gitlab-org/security-products/dast:12-6-stable ... 6 Running on runner-fa6cab46-project-4422333-concurrent-0 via runner-fa6cab46-stg-srm-1575869001-80f20b07...
00:05
8Initialized empty Git repository in /builds/gitlab-org/monitor/monitor-sandbox/.git/9Created fresh repository.11 * [new ref] refs/pipelines/12691041 -> refs/pipelines/1269104112 * [new branch] master -> origin/master13Checking out fe5c9d47 as master...14Skipping Git submodules setup16Downloading artifacts from coordinator... ok id=36929286 responseStatus=200 OK token=uRRhQ6tH18$ /analyze -t $DAST_WEBSITE192019-12-09 05:26:17,238 using Python 2.7.15+ (default, Jul 9 2019, 16:51:35) [GCC 7.4.0]202019-12-09 05:26:17,239 waiting for http://dast-4422333-dast-default.34.67.11.220.nip.io to be available212019-12-09 05:26:17,239 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io222019-12-09 05:26:18,617 starting scan232019-12-09 05:26:18,619 Script params: [('-t', 'http://dast-4422333-dast-default.34.67.11.220.nip.io'), ('-J', 'gl-dast-report.json')]242019-12-09 05:26:18,620 Params: ['zap-x.sh', '-daemon', '-port', '60336', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=1', '-addonupdate', '-addoninstall', 'pscanrulesBeta']25Dec 09, 2019 5:26:28 AM java.util.prefs.FileSystemPreferences$1 run26INFO: Created user preferences directory.27[zap.out] Found Java version 1.8.0_22228[zap.out] Available memory: 3693 MB29[zap.out] Using JVM args: -Xmx923m30[zap.out] 677 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2019-09-23 started 09/12/19 05:26:22 with home /root/.ZAP_D/31[zap.out] 741 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null32[zap.out] 743 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null33[zap.out] 743 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null34[zap.out] 744 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config spider.maxDuration = 1 was null35[zap.out] 757 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...36[zap.out] 758 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...37[zap.out] 1075 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]38[zap.out] 1090 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.39[zap.out] 1868 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start40[zap.out] 1878 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end41[zap.out] 2021 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions42[zap.out] 5671 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=6.0.0], [id=alertFilters, version=9.0.0], [id=ascanrules, version=34.0.0], [id=ascanrulesBeta, version=27.0.0], [id=bruteforce, version=9.0.0], [id=coreLang, version=14.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=formhandler, version=3.0.0], [id=fuzz, version=12.0.0], [id=gettingStarted, version=11.0.0], [id=help, version=10.0.0], [id=hud, version=0.7.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=onlineMenu, version=7.0.0], [id=openapi, version=14.0.0], [id=plugnhack, version=12.0.0], [id=portscan, version=9.0.0], [id=pscanrules, version=25.0.0], [id=pscanrulesBeta, version=20.0.0], [id=quickstart, version=27.0.0], [id=replacer, version=8.0.0], [id=reveal, version=3.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=26.0.0], [id=selenium, version=15.1.0], [id=sequence, version=6.0.0], [id=spiderAjax, version=23.1.0], [id=tips, version=7.0.0], [id=webdriverlinux, version=13.0.0], [id=webdrivermacos, version=13.0.0], [id=webdriverwindows, version=13.0.0], [id=websocket, version=21.0.0], [id=zest, version=30.0.0]]43[zap.out] 6557 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded44[zap.out] 6859 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates45[zap.out] 6891 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension46[zap.out] 6891 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension47[zap.out] 6891 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP48[zap.out] 6906 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session State Extension49[zap.out] 6906 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Extension50[zap.out] 6907 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension51[zap.out] 6913 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields52[zap.out] 6914 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions53[zap.out] 6915 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash...54[zap.out] 6915 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses55[zap.out] 6917 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner56[zap.out] 7062 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules57[zap.out] 7066 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule58[zap.out] 7066 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure59[zap.out] 7067 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens60[zap.out] 7067 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set61[zap.out] 7068 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch62[zap.out] 7068 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP Scanner63[zap.out] 7070 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing64[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag65[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie66[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag67[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion68[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled69[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages70[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method71[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState72[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content73[zap.out] 7071 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure74[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite75[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate Scanner76[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing77[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Scanner78[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without SameSite Attribute79[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration80[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL81[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header82[zap.out] 7072 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments83[zap.out] 7073 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override84[zap.out] 7073 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure85[zap.out] 7073 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found86[zap.out] 7073 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header Scanner87[zap.out] 7073 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak88[zap.out] 7073 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)89[zap.out] 7100 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts90[zap.out] 7101 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added91[zap.out] 7112 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence92[zap.out] 7113 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site93[zap.out] 7125 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks94[zap.out] 7126 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool95[zap.out] 7127 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner96[zap.out] 7127 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manual Request Editor Extension97[zap.out] 7127 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences98[zap.out] 7128 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters99[zap.out] 7128 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens100[zap.out] 7131 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension101[zap.out] 7143 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]102[zap.out] 7144 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser103[zap.out] 7144 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only104[zap.out] 7144 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension105[zap.out] 7146 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies106[zap.out] 7147 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration107[zap.out] 7213 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages108[zap.out] 7503 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension109[zap.out] 7504 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions110[zap.out] 7510 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools111[zap.out] 7730 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff112[zap.out] 7731 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension113[zap.out] 7731 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration114[zap.out] 7732 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension115[zap.out] 7734 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]116[zap.out] 7734 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension117[zap.out] 7736 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.118[zap.out] 7758 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree119[zap.out] 7758 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.120[zap.out] 7759 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension121[zap.out] 7759 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax122[zap.out] 7760 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.123[zap.out] 7771 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manages the local proxy configurations124[zap.out] 7773 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.125[zap.out] 7774 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs126[zap.out] 7774 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree127[zap.out] 7774 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide128[zap.out] 7774 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a URL suitable for calling from target sites129[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts130[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension131[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension132[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension133[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Request View Extension134[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Response View Extension135[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension136[zap.out] 7777 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension137[zap.out] 7778 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.138[zap.out] 7778 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration139[zap.out] 7796 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics140[zap.out] 7797 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats141[zap.out] 7799 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.142[zap.out] 7803 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.143[zap.out] 7804 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks144[zap.out] 7804 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta145[zap.out] 7805 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter146[zap.out] 7807 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing This extension allows a user to change the default values used by ZAP Spiders.147[zap.out] 7810 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage148[zap.out] 7812 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.149[zap.out] 7812 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules150[zap.out] 7812 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files151[zap.out] 7816 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules152[zap.out] 7817 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide153[zap.out] 7817 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Easy way to replace strings in requests and responses154[zap.out] 7823 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links155[zap.out] 7825 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveXMLHttpMessage156[zap.out] 7828 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta157[zap.out] 7828 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Heads Up Display158[zap.out] 7932 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch159[zap.out] 7936 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to spider and import OpenAPI (Swagger) definitions 160[zap.out] 7949 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds the Quick Start panel for scanning and exploring applications161[zap.out] 7955 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add the option to use the Ajax Spider in the Quick Start scan162[zap.out] 7955 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP163[zap.out] 7956 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP164[zap.out] 8560 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback - Started callback server on 0.0.0.0:42957165[zap.out] 8560 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - Creating new root CA certificate166[zap.out] 10611 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - New root CA certificate created167[zap.out] 12237 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.Total of 4 URLs168PASS: Cookie No HttpOnly Flag [10010]169PASS: Cookie Without Secure Flag [10011]170PASS: Incomplete or No Cache-control and Pragma HTTP Header Set [10015]171PASS: Web Browser XSS Protection Not Enabled [10016]172PASS: Cross-Domain JavaScript Source File Inclusion [10017]173PASS: Content-Type Header Missing [10019]174PASS: X-Frame-Options Header Scanner [10020]175PASS: X-Content-Type-Options Header Missing [10021]176PASS: Information Disclosure - Debug Error Messages [10023]177PASS: Information Disclosure - Sensitive Information in URL [10024]178PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025]179PASS: HTTP Parameter Override [10026]180PASS: Information Disclosure - Suspicious Comments [10027]181PASS: Viewstate Scanner [10032]182PASS: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037]183PASS: Secure Pages Include Mixed Content [10040]184PASS: Cookie Without SameSite Attribute [10054]185PASS: CSP Scanner [10055]186PASS: X-Debug-Token Information Leak [10056]187PASS: Username Hash Found [10057]188PASS: X-AspNet-Version Response Header Scanner [10061]189PASS: Timestamp Disclosure [10096]190PASS: Cross-Domain Misconfiguration [10098]191PASS: Weak Authentication Method [10105]192PASS: Absence of Anti-CSRF Tokens [10202]193PASS: Private IP Disclosure [2]194PASS: Session ID in URL Rewrite [3]195PASS: Script Passive Scan Rules [50001]196PASS: Insecure JSF ViewState [90001]197PASS: Charset Mismatch [90011]198PASS: Application Error Disclosure [90022]199PASS: Loosely Scoped Cookie [90033]200FAIL-NEW: 0 FAIL-INPROG: 0 WARN-NEW: 0 WARN-INPROG: 0 INFO: 0 IGNORE: 0 PASS: 32202gl-dast-report.json: found 1 matching files 203Uploading artifacts to coordinator... ok id=36929287 responseStatus=201 Created token=zPAmeKPj204Job succeeded